How can companies mitigate the risks of PIN code guessing?

So while I was driving, my wife was asked by her banking app to set up a 6-digit PIN code. She immediately thought out loud: "Hmm... 6 digits? I'm going to use the start of my phone number." I then remembered that I did the same thing, and I just asked a friend of mine and confirmed that he does the same thing. Another friend just told me: "I just use my birth date, 12/12/88."

So my first question is why most apps these days have switched to 6 digits instead of 4 digits, given that:

From the inventor of the ATM, a quote: The standard, ISO 9564-1, allows for PINs from four up to twelve digits. The inventor of the ATM, John Shepherd-Barron, had at first envisioned a six-digit numeric code, but his wife could only remember four digits, and that has become the most commonly used length in many places, although banks in Switzerland and many other countries require a six-digit PIN.

My second question is: what can companies do to mitigate the risks of social engineering if it could be proved that most people use either their birth date or phone number as a PIN code?
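
An added example, not part of the original post: one enrollment-time check against the habit described above, rejecting a new PIN that can be read straight off the account holder's phone number or birth date. The function names, the reason strings and the sample phone number are assumptions constructed for illustration; the birth date is the one quoted in the post.

```python
from datetime import date


def personal_pin_candidates(phone: str, birth: date, length: int = 6) -> set[str]:
    """PINs of `length` digits that are trivially derived from the user's own data."""
    digits = "".join(ch for ch in phone if ch.isascii() and ch.isdigit())
    # Every run of `length` consecutive phone digits: covers "the start of my
    # phone number" as well as the end or the part after a prefix.
    candidates = {digits[i:i + length] for i in range(len(digits) - length + 1)}

    d, m = f"{birth.day:02d}", f"{birth.month:02d}"
    y4 = f"{birth.year:04d}"
    y2 = y4[2:]
    # Common day/month/year orderings; only those matching the PIN length are kept.
    layouts = [(d, m), (m, d), (y4,),
               (d, m, y2), (m, d, y2), (y2, m, d),
               (d, m, y4), (m, d, y4), (y4, m, d)]
    candidates.update(s for s in ("".join(p) for p in layouts) if len(s) == length)
    return candidates


def check_new_pin(pin: str, phone: str, birth: date, length: int = 6) -> tuple[bool, str]:
    """Return (accepted, reason) for a PIN chosen at enrollment."""
    if len(pin) != length or not (pin.isascii() and pin.isdigit()):
        return False, "format"
    # Constant step between neighbouring digits: 111111, 123456, 654321, 890123.
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if steps in ({0}, {1}, {9}):
        return False, "trivial pattern"
    if pin in personal_pin_candidates(phone, birth, length):
        return False, "derived from personal data"
    return True, "ok"


if __name__ == "__main__":
    phone = "0755 501 234"        # constructed sample number
    birth = date(1988, 12, 12)    # the 12/12/88 date from the post
    for pin in ("075550", "121288", "881212", "123456", "493027"):
        print(pin, check_new_pin(pin, phone, birth))
```
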